Description
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a low‑privileged attacker with network access to the HTTP interface to take over the Oracle WebCenter Content server. Successful exploitation results in a complete compromise, affecting confidentiality, integrity, and availability as reflected in a CVSS 8.8 severity score. The flaw is capable of yielding full system control, consistent with an RCE scenario.

Affected Systems

Affected versions are Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0. These versions are part of Oracle’s Fusion Middleware suite and are used in content management deployments.

Risk and Exploitability

The CVSS vector indicates a network access requirement with low attack complexity and low privilege. The EPSS score of less than 1% suggests that automated exploitation has not been widely observed, and the vulnerability is not yet listed in the CISA KEV catalog. Nonetheless, the high impact and ease of exploitation make it a serious threat, particularly for environments that expose the HTTP port to untrusted networks or lack strong authentication controls.

Generated by OpenCVE AI on June 17, 2026 at 20:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or upgrade Oracle WebCenter Content to a version where this issue is resolved.
  • If a patch cannot be applied immediately, block or tightly restrict HTTP access to the server from trusted networks only and enforce mandatory authentication to prevent low‑privileged access.
  • Monitor web application logs for abnormal activity and consider deploying a web application firewall to block suspicious HTTP requests.

Generated by OpenCVE AI on June 17, 2026 at 20:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle webcenter Content
CPEs cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_content:14.1.2.0.0:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle webcenter Content
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Webcenter Content
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:36:06.159Z

Reserved: 2026-04-01T20:03:40.838Z

Link: CVE-2026-35324

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T22:45:03Z

Weaknesses

No weakness.